Patch Tuesday Archive
Patch Tuesday March 2019
Total CVEs
68
Critical
14
Important
43
Exploited
3
Publicly Disclosed
5
All CVEs this month 68
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed |
|---|---|---|---|---|---|---|
| CVE-2019-0592 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0603 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft Windows | - | - |
| CVE-2019-0609 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0639 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0680 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0697 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | 9.8 |
Windows DHCP Client | - | - |
| CVE-2019-0698 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | 9.8 |
Windows DHCP Client | - | - |
| CVE-2019-0726 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | 9.8 |
Windows DHCP Client | - | - |
| CVE-2019-0756 | MS XML Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft XML | - | - |
| CVE-2019-0769 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0770 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0771 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0773 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0784 | Windows ActiveX Remote Code Execution Vulnerability | Critical | 4.2 |
Microsoft Windows | - | - |
| CVE-2019-0611 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0612 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Edge | - | - |
| CVE-2019-0614 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0617 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0678 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0682 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2019-0683 | Active Directory Elevation of Privilege Vulnerability | Important | 4.9 |
Active Directory | - | Yes |
| CVE-2019-0689 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2019-0690 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.8 |
Windows Hyper-V | - | - |
| CVE-2019-0692 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2019-0693 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2019-0694 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2019-0695 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6.8 |
Windows Hyper-V | - | - |
| CVE-2019-0696 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - |
| CVE-2019-0701 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.8 |
Windows Hyper-V | - | - |
| CVE-2019-0702 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 |
Windows Kernel | - | - |
| CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 |
Windows SMB Server | Yes | - |
| CVE-2019-0704 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 |
Windows SMB Server | - | - |
| CVE-2019-0746 | Scripting Engine Information Disclosure Vulnerability | Important | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0748 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0754 | Windows Denial of Service Vulnerability | Important | 5.5 |
Microsoft Windows | - | Yes |
| CVE-2019-0755 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 |
Windows Kernel | - | - |
| CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability | Important | - | NuGet | - | Yes |
| CVE-2019-0759 | Windows Print Spooler Information Disclosure Vulnerability | Important | 4.7 |
Windows Print Spooler Components | - | - |
| CVE-2019-0762 | Microsoft Browsers Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Browsers | - | - |
| CVE-2019-0765 | Comctl32 Remote Code Execution Vulnerability | Important | 7.5 |
Microsoft Windows | - | - |
| CVE-2019-0766 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 6.7 |
Microsoft Windows | - | - |
| CVE-2019-0767 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - |
| CVE-2019-0768 | Internet Explorer Security Feature Bypass Vulnerability | Important | 4.3 |
Internet Explorer | - | - |
| CVE-2019-0772 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | 6.4 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0774 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0775 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - |
| CVE-2019-0776 | Win32k Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel-Mode Drivers | - | - |
| CVE-2019-0778 | Microsoft Office SharePoint XSS Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0779 | Microsoft Edge Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0780 | Microsoft Browser Memory Corruption Vulnerability | Important | 7.5 |
Microsoft Browsers | - | - |
| CVE-2019-0782 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - |
| CVE-2019-0797 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | Yes | - |
| CVE-2019-0798 | Skype for Business and Lync Spoofing Vulnerability | Important | - | Skype for Business | - | - |
| CVE-2019-0804 | Azure Linux Agent Information Disclosure Vulnerability | Important | - | Azure | - | - |
| CVE-2019-0808 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | Yes | Yes |
| CVE-2019-0809 | Visual Studio Remote Code Execution Vulnerability | Important | - | Visual Studio | - | Yes |
| CVE-2019-0821 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 |
Windows SMB Server | - | - |
| CVE-2019-0666 | Windows VBScript Engine Remote Code Execution Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0667 | Windows VBScript Engine Remote Code Execution Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0763 | Internet Explorer Memory Corruption Vulnerability | Moderate | 7.5 |
Internet Explorer | - | - |
| CVE-2019-0816 | Azure SSH Keypairs Security Feature Bypass Vulnerability | Moderate | - | Azure | - | - |
| ADV190008 | March 2019 Adobe Flash Security Update | Low | - | Adobe Flash Player | - | - |
| CVE-2019-0665 | Windows VBScript Engine Remote Code Execution Vulnerability | Low | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0761 | Internet Explorer Security Feature Bypass Vulnerability | Low | - | Internet Explorer | - | - |
| CVE-2019-0777 | Team Foundation Server Cross-site Scripting Vulnerability | Low | - | Team Foundation Server | - | - |
| CVE-2019-0783 | Scripting Engine Memory Corruption Vulnerability | Low | 7.5 |
Microsoft Scripting Engine | - | - |
| ADV190009 | SHA-2 Code Sign Support Advisory | Unknown | - | Microsoft Windows | - | - |
| ADV190010 | Best Practices Regarding Sharing of a Single User Account Across Multiple Users | Unknown | - | Microsoft Windows | - | - |
Threat Categories 9
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 25 | 13 |
| Information Disclosure | 17 | - |
| Elevation of Privilege | 11 | 1 |
| Security Feature Bypass | 5 | - |
| Denial of Service | 3 | - |
| Tampering | 2 | - |
| Spoofing | 2 | - |
| Defense in Depth | 2 | - |
| Unknown | 1 | - |
Affected Products 24
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 15 | - |
| Microsoft Windows | 7 | - |
| Windows Kernel | 6 | - |
| Windows Subsystem for Linux | 5 | - |
| Microsoft Graphics Component | 4 | 2 |
| Windows DHCP Client | 3 | - |
| Microsoft Edge | 3 | - |
| Windows Hyper-V | 3 | - |
| Windows SMB Server | 3 | 1 |
| Internet Explorer | 3 | - |
| Microsoft Browsers | 2 | - |
| Azure | 2 | - |
| Microsoft XML | 1 | - |
| Microsoft JET Database Engine | 1 | - |
| Active Directory | 1 | - |
| Microsoft Office | 1 | - |
| NuGet | 1 | - |
| Windows Print Spooler Components | 1 | - |
| Windows Kernel-Mode Drivers | 1 | - |
| Microsoft Office SharePoint | 1 | - |
| Skype for Business | 1 | - |
| Visual Studio | 1 | - |
| Adobe Flash Player | 1 | - |
| Team Foundation Server | 1 | - |